[Pkg-net-snmp-devel] Bug#963713: net-snmp: CVE-2019-20892
Sylvain Beucler
beuc at beuc.net
Tue Jul 7 16:07:37 BST 2020
Hi,
On 06/07/2020 19:11, Sylvain Beucler wrote:
> Do we have definite info on what versions are affected?
>
> I cannot reproduce the issue in jessie/stretch/buster (5.7.x).
>
> Incidentally Salvatore's test now yields an error in bullseye
> (5.8dfsg-3), though I suspect the issue is at the client's level:
> # snmpbulkget -v3 -Cn1 -Cr1472 -l authPriv -u testuser -a SHA -A
> testpass -x AES -X testpass 127.0.0.1 1.3.6.1.2.1.1.5 1.3.6.1.2.1.1.7
> Error in packet.
> Reason: (genError) A general failure occured

Bisecting gives a range of ~20 commits where the server is buggy (either
goes 100% CPU, or rejects the request with "send response: Too long").

1a0dbe19bf2787bb5bea913f210a9a5eb4c0c80c
"new snmp token sendMessageMaxSize"
works fine.

3eb4b473fed816108d1843dadee1ce877415b96b
"add debug_enable_token_logs debug_disable_token_logs to output_api.h"
triggers the double-free.

Anything in-between is random, and includes 2 "getbulk enhancements".
The date varies greatly so this may be a series of cherry-picks.

In any case, all of this happens between 5.7.3 and 5.8.pre1.

Cheers!
Sylvain